Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to assertion failure) via an invalid data location in a CRW image file.
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1728493]
https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933 [master branch]
https://github.com/Exiv2/exiv2/commit/7798ae25574425271305fffe85de77bec8df03f1 [0.27-maintenance branch]